Paper 2017/982

Mind the Gap: Where Provable Security and Real-World Messaging Don't Quite Meet

Katriel Cohn-Gordon and Cas Cremers


Secure messaging apps have enjoyed huge uptake, and with the headline figure of one billion active WhatsApp users there has been a corresponding burst of academic research on the topic. One might therefore wonder: how far is the academic community from providing concrete, applicable guarantees about the apps that are currently in widespread use? We argue that there are still significant gaps between the security properties that users might expect from a communication app, and the security properties that have been formally proven. These gaps arise from dubious technical assumptions, tradeoffs in the name of reliability, or simply features out of scope of the analyses. We survey these gaps, and discuss where the academic community can contribute. In particular, we encourage more transparency about analyses' restrictions: the easier they are to understand, the easier they are to solve.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
messaging implementation position
Contact author(s)
me @ katriel co uk
2017-10-09: received
Short URL
Creative Commons Attribution


      author = {Katriel Cohn-Gordon and Cas Cremers},
      title = {Mind the Gap: Where Provable Security and Real-World Messaging Don't Quite Meet},
      howpublished = {Cryptology ePrint Archive, Paper 2017/982},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.